ExperimentLog1 – Cloud Computing

Context Navigation

Version 2 (modified by waue, 17 years ago) (diff)
--

package tw.org.nchc.code;
import java.io.IOException;
import java.text.ParsePosition;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.HBaseAdmin;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HTable;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.Writable;
import org.apache.hadoop.io.WritableComparable;
import org.apache.hadoop.mapred.ClusterStatus;
import org.apache.hadoop.mapred.JobClient;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapred.MapReduceBase;
import org.apache.hadoop.mapred.Mapper;
import org.apache.hadoop.mapred.OutputCollector;
import org.apache.hadoop.mapred.Reporter;
class Log {
	String gid, sid, version;
	String alert_name, class_type, priority;
	String source, destination, type;
	String srcport, dstport,tmp;
	public Log(String data) {
		String[] arr = data.split(";");
		this.gid = arr[0];
		this.sid = arr[1];
		this.version = arr[2];
		this.alert_name = arr[3];
		this.class_type = arr[4];
		this.priority = arr[5];
		this.timestamp = getTime(arr[7] + "/" + arr[6] + ":" + arr[8] + ":"
				+ arr[9] + ":" + arr[10]);
		this.source = getIP(arr[11]);
		this.srcport = this.tmp;
		this.destination = getIP(arr[12]);
		this.dstport = this.tmp;
		this.type = arr[13];
	}
	long timestamp;
	String getIP(String str){
		String res;
		int n = str.indexOf(":");
		if (n == -1) {
			res = str;
			this.tmp = "0";
		} else {
			String[] vec = str.split(":");
			res = vec[0];
			this.tmp = vec[1];
		}
		return res;
	}
	long getTime(String str) {
		SimpleDateFormat sdf = new SimpleDateFormat("dd/MM:HH:mm:ss",
				Locale.TAIWAN);
		Long timestamp = sdf.parse(str, new ParsePosition(0)).getTime();
		return timestamp;
	}
}
// import AccessLogParser
public class SnortBase {
	static HBaseConfiguration conf = new HBaseConfiguration();
	public static final String TABLE = "table.name";
	static String tableName = "NewSnort";
	static HTable table = null;
	public static class MapClass extends MapReduceBase implements
			Mapper<WritableComparable, Text, Text, Writable> {
		public void configure(JobConf job) {
		}
		public void map(WritableComparable key, Text value,
				OutputCollector<Text, Writable> output, Reporter reporter)
				throws IOException {
			Log log = new Log(value.toString());
			String property_name = 
					"priority="+log.priority+
					";class="+log.class_type+
					";snort_id="+log.sid;
			String property_source = 
				log.source+":"+log.srcport+" => "
				+log.destination+":"+log.dstport;
			String property_payload = log.type;
			if (table == null)
				table = new HTable(conf, new Text(tableName));
			long lockId = table.startUpdate(new Text(log.destination+":"+log.sid));
			table.put(lockId, new Text("name:"+log.alert_name), property_name.getBytes());			
			table.put(lockId, new Text("from:"+log.source), property_source.getBytes());
			table.put(lockId, new Text("payload:"+log.type), property_payload.getBytes());
			table.commit(lockId, log.timestamp);
		}
	}

	// do it to resolve warning : FileSystem.listPaths
	static public Path[] listPaths(FileSystem fsm, Path path)
			throws IOException {
		FileStatus[] fss = fsm.listStatus(path);
		int length = fss.length;
		Path[] pi = new Path[length];
		for (int i = 0; i < length; i++) {
			pi[i] = fss[i].getPath();
		}
		return pi;
	}

	public static void runMapReduce(String tableName, String inpath)
			throws IOException {
		Path tempDir = new Path("/tmp/Mylog/");
		Path InputPath = new Path(inpath);
		FileSystem fs = FileSystem.get(conf);
		JobConf jobConf = new JobConf(conf, SnortBase.class);
		jobConf.setJobName("Snort Parse");
		jobConf.set(TABLE, tableName);
		jobConf.setInputPath(InputPath);
		jobConf.setOutputPath(tempDir);
		jobConf.setMapperClass(MapClass.class);
		JobClient client = new JobClient(jobConf);
		ClusterStatus cluster = client.getClusterStatus();
		jobConf.setNumMapTasks(cluster.getMapTasks());
		jobConf.setNumReduceTasks(0);
		fs.delete(tempDir);
		JobClient.runJob(jobConf);
		fs.delete(tempDir);
		fs.close();
	}

	public static void creatTable(String table) throws IOException {
		HBaseAdmin admin = new HBaseAdmin(conf);
		if (!admin.tableExists(new Text(table))) {
			System.out.println("1. " + table
					+ " table creating ... please wait");
			HTableDescriptor tableDesc = new HTableDescriptor(table);
			tableDesc.addFamily(new HColumnDescriptor("name:"));
			tableDesc.addFamily(new HColumnDescriptor("from:"));
			tableDesc.addFamily(new HColumnDescriptor("payload:"));
			admin.createTable(tableDesc);
		} else {
			System.out.println("1. " + table + " table already exists.");
		}
		System.out.println("2. access_log files fetching using map/reduce");
	}
	public static void main(String[] args) throws IOException, Exception {
		String path = "/user/waue/snort-log/alert_flex_parsed.txt";
		creatTable(tableName);
		runMapReduce(tableName, path);
	}
}

Row	Column	Cell
105.175.203.246<=402	from:168.150.177.165	168.150.177.165:0 => 105.175.203.246:0
105.175.203.246<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
105.175.203.246<=402	payload:ICMP	ICMP
105.219.67.188<=402	from:168.150.177.165	168.150.177.165:0 => 105.219.67.188:0
105.219.67.188<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
105.219.67.188<=402	payload:ICMP	ICMP
108.69.106.249<=402	from:168.150.177.165	168.150.177.165:0 => 108.69.106.249:0
108.69.106.249<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
108.69.106.249<=402	payload:ICMP	ICMP
111.243.168.133<=402	from:168.150.177.165	168.150.177.165:0 => 111.243.168.133:0
111.243.168.133<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
111.243.168.133<=402	payload:ICMP	ICMP
111.87.222.49<=402	from:168.150.177.165	168.150.177.165:0 => 111.87.222.49:0
111.87.222.49<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
111.87.222.49<=402	payload:ICMP	ICMP
117.35.249.36<=402	from:168.150.177.165	168.150.177.165:0 => 117.35.249.36:0
117.35.249.36<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
117.35.249.36<=402	payload:ICMP	ICMP
123.154.36.61<=402	from:168.150.177.165	168.150.177.165:0 => 123.154.36.61:0
123.154.36.61<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
123.154.36.61<=402	payload:ICMP	ICMP
124.47.161.50<=2924	from:168.150.177.165	168.150.177.165:445 => 124.47.161.50:3729
124.47.161.50<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
124.47.161.50<=2924	payload:TCP	TCP
133.84.11.26<=402	from:168.150.177.165	168.150.177.165:0 => 133.84.11.26:0
133.84.11.26<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
133.84.11.26<=402	payload:ICMP	ICMP
135.99.60.82<=402	from:168.150.177.165	168.150.177.165:0 => 135.99.60.82:0
135.99.60.82<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
135.99.60.82<=402	payload:ICMP	ICMP
140.110.138.192<=100000137	from:140.110.138.191	140.110.138.191:24800 => 140.110.138.192:39014
140.110.138.192<=100000137	name:COMMUNITY MISC BAD-SSL tcp detect	priority=3class=Misc activity
140.110.138.192<=100000137	payload:TCP	TCP
142.22.78.231<=402	from:168.150.177.165	168.150.177.165:0 => 142.22.78.231:0
142.22.78.231<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
142.22.78.231<=402	payload:ICMP	ICMP
145.127.244.37<=402	from:168.150.177.165	168.150.177.165:0 => 145.127.244.37:0
145.127.244.37<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
145.127.244.37<=402	payload:ICMP	ICMP
16.197.30.30<=402	from:168.150.177.165	168.150.177.165:0 => 16.197.30.30:0
16.197.30.30<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
16.197.30.30<=402	payload:ICMP	ICMP
165.228.223.251<=2924	from:168.150.177.165	168.150.177.165:445 => 165.228.223.251:3706
165.228.223.251<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
165.228.223.251<=2924	payload:TCP	TCP
167.85.69.97<=402	from:168.150.177.165	168.150.177.165:0 => 167.85.69.97:0
167.85.69.97<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
167.85.69.97<=402	payload:ICMP	ICMP
168.150.177.115<=402	from:168.150.177.165	168.150.177.165:0 => 168.150.177.115:0
168.150.177.115<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
168.150.177.115<=402	payload:ICMP	ICMP
168.150.177.115<=408	from:168.150.177.165	168.150.177.165:0 => 168.150.177.115:0
168.150.177.115<=408	name:ICMP Echo Reply	priority=3class=Misc activity
168.150.177.115<=408	payload:ICMP	ICMP
168.150.177.165<=1411	from:24.7.178.192	24.7.178.192:35974 => 168.150.177.165:161
168.150.177.165<=1411	name:SNMP public access udp	priority=2class=Attempted Information Leak
168.150.177.165<=1411	payload:UDP	UDP
168.150.177.165<=1417	from:24.7.178.192	24.7.178.192:35974 => 168.150.177.165:161
168.150.177.165<=1417	name:SNMP request udp	priority=2class=Attempted Information Leak
168.150.177.165<=1417	payload:UDP	UDP
168.150.177.165<=18	from:172.145.36.246	172.145.36.246:0 => 168.150.177.165:0
168.150.177.165<=18	name:(portscan) UDP Decoy Portscan	priority=3class=Port Scan
168.150.177.165<=18	payload:PROTO:255	PROTO:255
168.150.177.165<=2	from:222.100.101.2	222.100.101.2:0 => 168.150.177.165:0
168.150.177.165<=2	name:(portscan) TCP Decoy Portscan	priority=3class=Port Scan
168.150.177.165<=2	payload:PROTO:255	PROTO:255
168.150.177.165<=2182	from:219.47.72.53	219.47.72.53:34664 => 168.150.177.165:55728
168.150.177.165<=2182	from:220.144.91.32	220.144.91.32:34664 => 168.150.177.165:55728
168.150.177.165<=2182	name:BACKDOOR typot trojan traffic	priority=1class=A Network Trojan was detected
168.150.177.165<=2182	payload:TCP	TCP
168.150.177.165<=2351	from:12.215.86.115	12.215.86.115:1725 => 168.150.177.165:135
168.150.177.165<=2351	from:143.238.254.172	143.238.254.172:38037 => 168.150.177.165:135
168.150.177.165<=2351	from:172.131.96.11	172.131.96.11:4125 => 168.150.177.165:135
168.150.177.165<=2351	from:172.209.45.131	172.209.45.131:4492 => 168.150.177.165:135
168.150.177.165<=2351	from:208.28.150.10	208.28.150.10:2327 => 168.150.177.165:135
168.150.177.165<=2351	from:213.139.233.82	213.139.233.82:29543 => 168.150.177.165:135
168.150.177.165<=2351	from:216.230.44.131	216.230.44.131:36188 => 168.150.177.165:135
168.150.177.165<=2351	from:58.107.83.219	58.107.83.219:61335 => 168.150.177.165:135
168.150.177.165<=2351	from:60.173.70.174	60.173.70.174:60112 => 168.150.177.165:135
168.150.177.165<=2351	from:60.234.234.235	60.234.234.235:4016 => 168.150.177.165:135
168.150.177.165<=2351	from:62.62.141.11	62.62.141.11:31463 => 168.150.177.165:135
168.150.177.165<=2351	from:69.204.206.39	69.204.206.39:3469 => 168.150.177.165:135
168.150.177.165<=2351	from:72.242.6.121	72.242.6.121:2825 => 168.150.177.165:135
168.150.177.165<=2351	from:80.183.136.26	80.183.136.26:3834 => 168.150.177.165:135
168.150.177.165<=2351	from:85.64.246.247	85.64.246.247:3083 => 168.150.177.165:135
168.150.177.165<=2351	name:NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode	priority=1class=Attempted Administrator Privilege Gain
168.150.177.165<=2351	payload:TCP	TCP
168.150.177.165<=2403	from:124.47.161.50	124.47.161.50:1029 => 168.150.177.165:139
168.150.177.165<=2403	from:212.175.111.242	212.175.111.242:1051 => 168.150.177.165:139
168.150.177.165<=2403	from:58.238.103.14	58.238.103.14:4507 => 168.150.177.165:139
168.150.177.165<=2403	from:59.114.124.128	59.114.124.128:62410 => 168.150.177.165:139
168.150.177.165<=2403	from:63.87.226.35	63.87.226.35:4201 => 168.150.177.165:139
168.150.177.165<=2403	name:NETBIOS SMB Session Setup AndX request unicode username overflow attempt	priority=1class=Attempted Administrator Privilege Gain
168.150.177.165<=2403	payload:TCP	TCP
168.150.177.165<=2404	from:124.47.161.50	124.47.161.50:3856 => 168.150.177.165:445
168.150.177.165<=2404	from:151.205.152.150	151.205.152.150:1362 => 168.150.177.165:445
168.150.177.165<=2404	from:165.228.223.251	165.228.223.251:4361 => 168.150.177.165:445
168.150.177.165<=2404	from:168.226.4.156	168.226.4.156:1707 => 168.150.177.165:445
168.150.177.165<=2404	from:195.180.37.6	195.180.37.6:4392 => 168.150.177.165:445
168.150.177.165<=2404	from:200.105.199.142	200.105.199.142:2233 => 168.150.177.165:445
168.150.177.165<=2404	from:200.207.41.77	200.207.41.77:2686 => 168.150.177.165:445
168.150.177.165<=2404	from:206.159.178.239	206.159.178.239:1505 => 168.150.177.165:445
168.150.177.165<=2404	from:206.162.170.188	206.162.170.188:3031 => 168.150.177.165:445
168.150.177.165<=2404	from:212.175.111.242	212.175.111.242:3100 => 168.150.177.165:445
168.150.177.165<=2404	from:212.175.208.47	212.175.208.47:2376 => 168.150.177.165:445
168.150.177.165<=2404	from:216.138.123.38	216.138.123.38:3046 => 168.150.177.165:445
168.150.177.165<=2404	from:218.163.231.62	218.163.231.62:3426 => 168.150.177.165:445
168.150.177.165<=2404	from:218.170.102.140	218.170.102.140:4913 => 168.150.177.165:445
168.150.177.165<=2404	from:219.117.242.253	219.117.242.253:2120 => 168.150.177.165:445
168.150.177.165<=2404	from:219.235.49.90	219.235.49.90:4842 => 168.150.177.165:445
168.150.177.165<=2404	from:24.105.187.229	24.105.187.229:3693 => 168.150.177.165:445
168.150.177.165<=2404	from:61.120.225.67	61.120.225.67:3712 => 168.150.177.165:445
168.150.177.165<=2404	from:62.35.20.128	62.35.20.128:2766 => 168.150.177.165:445
168.150.177.165<=2404	from:63.87.226.35	63.87.226.35:3102 => 168.150.177.165:445
168.150.177.165<=2404	from:63.90.117.56	63.90.117.56:4035 => 168.150.177.165:445
168.150.177.165<=2404	from:64.148.211.242	64.148.211.242:1817 => 168.150.177.165:445
168.150.177.165<=2404	from:64.201.236.198	64.201.236.198:3363 => 168.150.177.165:445
168.150.177.165<=2404	from:66.66.255.9	66.66.255.9:4042 => 168.150.177.165:445
168.150.177.165<=2404	from:70.150.95.119	70.150.95.119:3822 => 168.150.177.165:445
168.150.177.165<=2404	from:70.20.129.58	70.20.129.58:1774 => 168.150.177.165:445
168.150.177.165<=2404	from:71.99.253.94	71.99.253.94:1483 => 168.150.177.165:445
168.150.177.165<=2404	from:87.219.188.122	87.219.188.122:3609 => 168.150.177.165:445
168.150.177.165<=2404	name:NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt	priority=1class=Attempted Administrator Privilege Gain
168.150.177.165<=2404	payload:TCP	TCP
168.150.177.165<=2466	from:12.176.80.239	12.176.80.239:1352 => 168.150.177.165:445
168.150.177.165<=2466	from:125.203.127.46	125.203.127.46:1300 => 168.150.177.165:445
168.150.177.165<=2466	from:168.160.224.133	168.160.224.133:1549 => 168.150.177.165:445
168.150.177.165<=2466	from:168.226.136.174	168.226.136.174:4093 => 168.150.177.165:445
168.150.177.165<=2466	from:170.163.160.201	170.163.160.201:32410 => 168.150.177.165:445
168.150.177.165<=2466	from:202.56.255.38	202.56.255.38:46297 => 168.150.177.165:445
168.150.177.165<=2466	from:207.155.240.226	207.155.240.226:17507 => 168.150.177.165:445
168.150.177.165<=2466	from:212.123.21.67	212.123.21.67:5460 => 168.150.177.165:445
168.150.177.165<=2466	from:213.92.32.16	213.92.32.16:4755 => 168.150.177.165:445
168.150.177.165<=2466	from:216.241.50.148	216.241.50.148:3396 => 168.150.177.165:445
168.150.177.165<=2466	from:218.219.220.239	218.219.220.239:2594 => 168.150.177.165:445
168.150.177.165<=2466	from:219.164.3.40	219.164.3.40:4065 => 168.150.177.165:445
168.150.177.165<=2466	from:61.57.245.34	61.57.245.34:14634 => 168.150.177.165:445
168.150.177.165<=2466	from:63.161.52.34	63.161.52.34:6891 => 168.150.177.165:445
168.150.177.165<=2466	from:64.148.211.242	64.148.211.242:4201 => 168.150.177.165:445
168.150.177.165<=2466	from:65.106.97.11	65.106.97.11:3897 => 168.150.177.165:445
168.150.177.165<=2466	from:68.255.112.117	68.255.112.117:2198 => 168.150.177.165:445
168.150.177.165<=2466	from:74.130.69.42	74.130.69.42:2586 => 168.150.177.165:445
168.150.177.165<=2466	from:80.203.220.210	80.203.220.210:1646 => 168.150.177.165:445
168.150.177.165<=2466	from:83.229.70.170	83.229.70.170:3833 => 168.150.177.165:445
168.150.177.165<=2466	name:NETBIOS SMB-DS IPC$ unicode share access	priority=3class=Generic Protocol Command Decode
168.150.177.165<=2466	payload:TCP	TCP
168.150.177.165<=2514	from:125.203.127.46	125.203.127.46:1300 => 168.150.177.165:445
168.150.177.165<=2514	from:168.226.136.174	168.226.136.174:4093 => 168.150.177.165:445
168.150.177.165<=2514	from:218.219.220.239	218.219.220.239:2594 => 168.150.177.165:445
168.150.177.165<=2514	from:219.164.3.40	219.164.3.40:4065 => 168.150.177.165:445
168.150.177.165<=2514	name:NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt	priority=1class=Attempted Administrator Privilege Gain
168.150.177.165<=2514	payload:TCP	TCP
168.150.177.165<=255	from:85.97.114.6	85.97.114.6:0 => 168.150.177.165:0
168.150.177.165<=255	name:(snort_decoder) WARNING: ICMP Original IP Fragmented and Offset Not 0!	priority=3class=Port Scan
168.150.177.165<=255	payload:ICMP	ICMP
168.150.177.165<=3003	from:168.226.4.156	168.226.4.156:1707 => 168.150.177.165:445
168.150.177.165<=3003	name:NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt	priority=3class=Generic Protocol Command Decode
168.150.177.165<=3003	payload:TCP	TCP
168.150.177.165<=366	from:169.237.5.23	169.237.5.23:0 => 168.150.177.165:0
168.150.177.165<=366	from:169.237.7.180	169.237.7.180:0 => 168.150.177.165:0
168.150.177.165<=366	name:ICMP PING *NIX	priority=3class=Misc activity
168.150.177.165<=366	payload:ICMP	ICMP
168.150.177.165<=368	from:169.237.5.23	169.237.5.23:0 => 168.150.177.165:0
168.150.177.165<=368	from:169.237.7.180	169.237.7.180:0 => 168.150.177.165:0
168.150.177.165<=368	name:ICMP PING BSDtype	priority=3class=Misc activity
168.150.177.165<=368	payload:ICMP	ICMP
168.150.177.165<=372	from:220.79.110.181	220.79.110.181:0 => 168.150.177.165:0
168.150.177.165<=372	name:ICMP PING Delphi-Piette Windows	priority=3class=Misc activity
168.150.177.165<=372	payload:ICMP	ICMP
168.150.177.165<=384	from:169.237.5.23	169.237.5.23:0 => 168.150.177.165:0
168.150.177.165<=384	from:169.237.7.180	169.237.7.180:0 => 168.150.177.165:0
168.150.177.165<=384	from:202.97.193.72	202.97.193.72:0 => 168.150.177.165:0
168.150.177.165<=384	from:220.79.110.181	220.79.110.181:0 => 168.150.177.165:0
168.150.177.165<=384	from:24.7.178.192	24.7.178.192:0 => 168.150.177.165:0
168.150.177.165<=384	from:24.96.107.24	24.96.107.24:0 => 168.150.177.165:0
168.150.177.165<=384	from:60.8.86.98	60.8.86.98:0 => 168.150.177.165:0
168.150.177.165<=384	from:68.52.58.192	68.52.58.192:0 => 168.150.177.165:0
168.150.177.165<=384	from:80.203.220.210	80.203.220.210:0 => 168.150.177.165:0
168.150.177.165<=384	name:ICMP PING	priority=3class=Misc activity
168.150.177.165<=384	payload:ICMP	ICMP
168.150.177.165<=399	from:200.171.140.70	200.171.140.70:0 => 168.150.177.165:0
168.150.177.165<=399	from:62.238.255.201	62.238.255.201:0 => 168.150.177.165:0
168.150.177.165<=399	from:87.219.188.122	87.219.188.122:0 => 168.150.177.165:0
168.150.177.165<=399	name:ICMP Destination Unreachable Host Unreachable	priority=3class=Misc activity
168.150.177.165<=399	payload:ICMP	ICMP
168.150.177.165<=401	from:200.41.26.131	200.41.26.131:0 => 168.150.177.165:0
168.150.177.165<=401	name:ICMP Destination Unreachable Network Unreachable	priority=3class=Misc activity
168.150.177.165<=401	payload:ICMP	ICMP
168.150.177.165<=402	from:124.106.228.183	124.106.228.183:0 => 168.150.177.165:0
168.150.177.165<=402	from:168.150.177.1	168.150.177.1:0 => 168.150.177.165:0
168.150.177.165<=402	from:207.255.108.7	207.255.108.7:0 => 168.150.177.165:0
168.150.177.165<=402	from:211.59.225.76	211.59.225.76:0 => 168.150.177.165:0
168.150.177.165<=402	from:213.226.248.12	213.226.248.12:0 => 168.150.177.165:0
168.150.177.165<=402	from:222.139.201.232	222.139.201.232:0 => 168.150.177.165:0
168.150.177.165<=402	from:68.10.140.78	68.10.140.78:0 => 168.150.177.165:0
168.150.177.165<=402	from:68.229.220.72	68.229.220.72:0 => 168.150.177.165:0
168.150.177.165<=402	from:70.144.239.205	70.144.239.205:0 => 168.150.177.165:0
168.150.177.165<=402	from:80.187.4.226	80.187.4.226:0 => 168.150.177.165:0
168.150.177.165<=402	from:81.211.124.57	81.211.124.57:0 => 168.150.177.165:0
168.150.177.165<=402	from:84.131.4.249	84.131.4.249:0 => 168.150.177.165:0
168.150.177.165<=402	from:84.94.132.18	84.94.132.18:0 => 168.150.177.165:0
168.150.177.165<=402	from:85.105.136.12	85.105.136.12:0 => 168.150.177.165:0
168.150.177.165<=402	from:85.108.165.183	85.108.165.183:0 => 168.150.177.165:0
168.150.177.165<=402	from:85.97.114.6	85.97.114.6:0 => 168.150.177.165:0
168.150.177.165<=402	from:87.202.139.118	87.202.139.118:0 => 168.150.177.165:0
168.150.177.165<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
168.150.177.165<=402	payload:ICMP	ICMP
168.150.177.165<=469	from:68.52.58.192	68.52.58.192:0 => 168.150.177.165:0
168.150.177.165<=469	name:ICMP PING NMAP	priority=2class=Attempted Information Leak
168.150.177.165<=469	payload:ICMP	ICMP
168.150.177.165<=485	from:80.143.2.4	80.143.2.4:0 => 168.150.177.165:0
168.150.177.165<=485	from:84.152.165.254	84.152.165.254:0 => 168.150.177.165:0
168.150.177.165<=485	name:ICMP Destination Unreachable Communication Administratively Prohibited	priority=3class=Misc activity
168.150.177.165<=485	payload:ICMP	ICMP
168.150.177.165<=530	from:222.212.64.198	222.212.64.198:4113 => 168.150.177.165:139
168.150.177.165<=530	name:NETBIOS NT NULL session	priority=2class=Attempted Information Leak
168.150.177.165<=530	payload:TCP	TCP
168.150.177.165<=538	from:124.60.120.214	124.60.120.214:4460 => 168.150.177.165:139
168.150.177.165<=538	from:222.233.63.49	222.233.63.49:2146 => 168.150.177.165:139
168.150.177.165<=538	from:64.132.169.61	64.132.169.61:34944 => 168.150.177.165:139
168.150.177.165<=538	name:NETBIOS SMB IPC$ unicode share access	priority=3class=Generic Protocol Command Decode
168.150.177.165<=538	payload:TCP	TCP
168.150.177.1<=19	from:168.150.177.165	168.150.177.165:0 => 168.150.177.1:0
168.150.177.1<=19	name:(portscan) UDP Portsweep	priority=3class=Port Scan
168.150.177.1<=19	payload:PROTO:255	PROTO:255
168.150.177.1<=1917	from:168.150.177.165	168.150.177.165:13226 => 168.150.177.1:1900
168.150.177.1<=1917	name:SCAN UPnP service discover attempt	priority=3class=Detection of a Network Scan
168.150.177.1<=1917	payload:UDP	UDP
169.237.5.23<=408	from:168.150.177.165	168.150.177.165:0 => 169.237.5.23:0
169.237.5.23<=408	name:ICMP Echo Reply	priority=3class=Misc activity
169.237.5.23<=408	payload:ICMP	ICMP
169.237.7.180<=408	from:168.150.177.165	168.150.177.165:0 => 169.237.7.180:0
169.237.7.180<=408	name:ICMP Echo Reply	priority=3class=Misc activity
169.237.7.180<=408	payload:ICMP	ICMP
172.145.36.246<=402	from:168.150.177.165	168.150.177.165:0 => 172.145.36.246:0
172.145.36.246<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
172.145.36.246<=402	payload:ICMP	ICMP
174.46.118.149<=402	from:168.150.177.165	168.150.177.165:0 => 174.46.118.149:0
174.46.118.149<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
174.46.118.149<=402	payload:ICMP	ICMP
176.232.251.36<=402	from:168.150.177.165	168.150.177.165:0 => 176.232.251.36:0
176.232.251.36<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
176.232.251.36<=402	payload:ICMP	ICMP
180.211.173.54<=402	from:168.150.177.165	168.150.177.165:0 => 180.211.173.54:0
180.211.173.54<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
180.211.173.54<=402	payload:ICMP	ICMP
182.227.184.247<=402	from:168.150.177.165	168.150.177.165:0 => 182.227.184.247:0
182.227.184.247<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
182.227.184.247<=402	payload:ICMP	ICMP
195.180.37.6<=2924	from:168.150.177.165	168.150.177.165:445 => 195.180.37.6:4626
195.180.37.6<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
195.180.37.6<=2924	payload:TCP	TCP
198.227.98.132<=402	from:168.150.177.165	168.150.177.165:0 => 198.227.98.132:0
198.227.98.132<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
198.227.98.132<=402	payload:ICMP	ICMP
20.219.102.10<=402	from:168.150.177.165	168.150.177.165:0 => 20.219.102.10:0
20.219.102.10<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
20.219.102.10<=402	payload:ICMP	ICMP
20.46.179.49<=402	from:168.150.177.165	168.150.177.165:0 => 20.46.179.49:0
20.46.179.49<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
20.46.179.49<=402	payload:ICMP	ICMP
200.105.199.142<=2924	from:168.150.177.165	168.150.177.165:445 => 200.105.199.142:3856
200.105.199.142<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
200.105.199.142<=2924	payload:TCP	TCP
200.207.41.77<=2924	from:168.150.177.165	168.150.177.165:445 => 200.207.41.77:2591
200.207.41.77<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
200.207.41.77<=2924	payload:TCP	TCP
202.97.193.72<=408	from:168.150.177.165	168.150.177.165:0 => 202.97.193.72:0
202.97.193.72<=408	name:ICMP Echo Reply	priority=3class=Misc activity
202.97.193.72<=408	payload:ICMP	ICMP
202.99.172.171<=402	from:168.150.177.165	168.150.177.165:0 => 202.99.172.171:0
202.99.172.171<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
202.99.172.171<=402	payload:ICMP	ICMP
202.99.172.172<=402	from:168.150.177.165	168.150.177.165:0 => 202.99.172.172:0
202.99.172.172<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
202.99.172.172<=402	payload:ICMP	ICMP
204.16.208.61<=402	from:168.150.177.165	168.150.177.165:0 => 204.16.208.61:0
204.16.208.61<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
204.16.208.61<=402	payload:ICMP	ICMP
205.152.165.102<=402	from:168.150.177.165	168.150.177.165:0 => 205.152.165.102:0
205.152.165.102<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
205.152.165.102<=402	payload:ICMP	ICMP
206.159.178.239<=2924	from:168.150.177.165	168.150.177.165:445 => 206.159.178.239:1581
206.159.178.239<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
206.159.178.239<=2924	payload:TCP	TCP
206.162.170.188<=2924	from:168.150.177.165	168.150.177.165:445 => 206.162.170.188:2637
206.162.170.188<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
206.162.170.188<=2924	payload:TCP	TCP
207.210.240.12<=402	from:168.150.177.165	168.150.177.165:0 => 207.210.240.12:0
207.210.240.12<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
207.210.240.12<=402	payload:ICMP	ICMP
207.210.240.22<=402	from:168.150.177.165	168.150.177.165:0 => 207.210.240.22:0
207.210.240.22<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
207.210.240.22<=402	payload:ICMP	ICMP
207.220.248.51<=402	from:168.150.177.165	168.150.177.165:0 => 207.220.248.51:0
207.220.248.51<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
207.220.248.51<=402	payload:ICMP	ICMP
207.56.212.95<=402	from:168.150.177.165	168.150.177.165:0 => 207.56.212.95:0
207.56.212.95<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
207.56.212.95<=402	payload:ICMP	ICMP
210.185.223.146<=402	from:168.150.177.165	168.150.177.165:0 => 210.185.223.146:0
210.185.223.146<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
210.185.223.146<=402	payload:ICMP	ICMP
212.175.111.242<=1	from:168.150.177.165	168.150.177.165:0 => 212.175.111.242:0
212.175.111.242<=1	name:(portscan) TCP Portscan	priority=3class=Port Scan
212.175.111.242<=1	payload:PROTO:255	PROTO:255
212.175.111.242<=2924	from:168.150.177.165	168.150.177.165:445 => 212.175.111.242:1582
212.175.111.242<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
212.175.111.242<=2924	payload:TCP	TCP
212.175.208.47<=1	from:168.150.177.165	168.150.177.165:0 => 212.175.208.47:0
212.175.208.47<=1	name:(portscan) TCP Portscan	priority=3class=Port Scan
212.175.208.47<=1	payload:PROTO:255	PROTO:255
212.175.208.47<=2924	from:168.150.177.165	168.150.177.165:445 => 212.175.208.47:1753
212.175.208.47<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
212.175.208.47<=2924	payload:TCP	TCP
212.187.177.228<=402	from:168.150.177.165	168.150.177.165:0 => 212.187.177.228:0
212.187.177.228<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
212.187.177.228<=402	payload:ICMP	ICMP
213.35.7.207<=402	from:168.150.177.165	168.150.177.165:0 => 213.35.7.207:0
213.35.7.207<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
213.35.7.207<=402	payload:ICMP	ICMP
217.208.68.90<=402	from:168.150.177.165	168.150.177.165:0 => 217.208.68.90:0
217.208.68.90<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
217.208.68.90<=402	payload:ICMP	ICMP
219.117.242.253<=2924	from:168.150.177.165	168.150.177.165:445 => 219.117.242.253:2120
219.117.242.253<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
219.117.242.253<=2924	payload:TCP	TCP
22.221.10.223<=402	from:168.150.177.165	168.150.177.165:0 => 22.221.10.223:0
22.221.10.223<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
22.221.10.223<=402	payload:ICMP	ICMP
220.79.110.181<=408	from:168.150.177.165	168.150.177.165:0 => 220.79.110.181:0
220.79.110.181<=408	name:ICMP Echo Reply	priority=3class=Misc activity
220.79.110.181<=408	payload:ICMP	ICMP
221.203.145.56<=402	from:168.150.177.165	168.150.177.165:0 => 221.203.145.56:0
221.203.145.56<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
221.203.145.56<=402	payload:ICMP	ICMP
221.203.145.73<=402	from:168.150.177.165	168.150.177.165:0 => 221.203.145.73:0
221.203.145.73<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
221.203.145.73<=402	payload:ICMP	ICMP
221.203.145.74<=402	from:168.150.177.165	168.150.177.165:0 => 221.203.145.74:0
221.203.145.74<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
221.203.145.74<=402	payload:ICMP	ICMP
221.203.189.44<=402	from:168.150.177.165	168.150.177.165:0 => 221.203.189.44:0
221.203.189.44<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
221.203.189.44<=402	payload:ICMP	ICMP
222.26.224.140<=402	from:168.150.177.165	168.150.177.165:0 => 222.26.224.140:0
222.26.224.140<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
222.26.224.140<=402	payload:ICMP	ICMP
223.124.151.30<=402	from:168.150.177.165	168.150.177.165:0 => 223.124.151.30:0
223.124.151.30<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
223.124.151.30<=402	payload:ICMP	ICMP
224.0.0.13<=2189	from:140.110.138.253	140.110.138.253:0 => 224.0.0.13:0
224.0.0.13<=2189	name:BAD-TRAFFIC IP Proto 103 PIM	priority=2class=Detection of a non-standard protocol or event
224.0.0.13<=2189	payload:PIM	PIM
224.0.0.1<=382	from:140.110.138.5	140.110.138.5:0 => 224.0.0.1:0
224.0.0.1<=382	name:ICMP PING Windows	priority=3class=Misc activity
224.0.0.1<=382	payload:ICMP	ICMP
224.0.0.1<=384	from:140.110.138.5	140.110.138.5:0 => 224.0.0.1:0
224.0.0.1<=384	name:ICMP PING	priority=3class=Misc activity
224.0.0.1<=384	payload:ICMP	ICMP
23.227.229.222<=402	from:168.150.177.165	168.150.177.165:0 => 23.227.229.222:0
23.227.229.222<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
23.227.229.222<=402	payload:ICMP	ICMP
239.255.255.250<=1917	from:168.150.177.165	168.150.177.165:1028 => 239.255.255.250:1900
239.255.255.250<=1917	name:SCAN UPnP service discover attempt	priority=3class=Detection of a Network Scan
239.255.255.250<=1917	payload:UDP	UDP
24.105.187.229<=2924	from:168.150.177.165	168.150.177.165:445 => 24.105.187.229:3641
24.105.187.229<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
24.105.187.229<=2924	payload:TCP	TCP
24.7.178.192<=402	from:168.150.177.165	168.150.177.165:0 => 24.7.178.192:0
24.7.178.192<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
24.7.178.192<=402	payload:ICMP	ICMP
24.7.178.192<=408	from:168.150.177.165	168.150.177.165:0 => 24.7.178.192:0
24.7.178.192<=408	name:ICMP Echo Reply	priority=3class=Misc activity
24.7.178.192<=408	payload:ICMP	ICMP
24.96.107.24<=408	from:168.150.177.165	168.150.177.165:0 => 24.96.107.24:0
24.96.107.24<=408	name:ICMP Echo Reply	priority=3class=Misc activity
24.96.107.24<=408	payload:ICMP	ICMP
34.168.1.34<=402	from:168.150.177.165	168.150.177.165:0 => 34.168.1.34:0
34.168.1.34<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
34.168.1.34<=402	payload:ICMP	ICMP
36.57.178.19<=402	from:168.150.177.165	168.150.177.165:0 => 36.57.178.19:0
36.57.178.19<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
36.57.178.19<=402	payload:ICMP	ICMP
37.12.58.204<=402	from:168.150.177.165	168.150.177.165:0 => 37.12.58.204:0
37.12.58.204<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
37.12.58.204<=402	payload:ICMP	ICMP
39.162.217.80<=402	from:168.150.177.165	168.150.177.165:0 => 39.162.217.80:0
39.162.217.80<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
39.162.217.80<=402	payload:ICMP	ICMP
39.227.15.107<=402	from:168.150.177.165	168.150.177.165:0 => 39.227.15.107:0
39.227.15.107<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
39.227.15.107<=402	payload:ICMP	ICMP
43.89.251.229<=402	from:168.150.177.165	168.150.177.165:0 => 43.89.251.229:0
43.89.251.229<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
43.89.251.229<=402	payload:ICMP	ICMP
57.61.61.63<=402	from:168.150.177.165	168.150.177.165:0 => 57.61.61.63:0
57.61.61.63<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
57.61.61.63<=402	payload:ICMP	ICMP
58.47.158.247<=402	from:168.150.177.165	168.150.177.165:0 => 58.47.158.247:0
58.47.158.247<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
58.47.158.247<=402	payload:ICMP	ICMP
60.8.86.98<=408	from:168.150.177.165	168.150.177.165:0 => 60.8.86.98:0
60.8.86.98<=408	name:ICMP Echo Reply	priority=3class=Misc activity
60.8.86.98<=408	payload:ICMP	ICMP
61.156.42.101<=402	from:168.150.177.165	168.150.177.165:0 => 61.156.42.101:0
61.156.42.101<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
61.156.42.101<=402	payload:ICMP	ICMP
61.156.42.103<=402	from:168.150.177.165	168.150.177.165:0 => 61.156.42.103:0
61.156.42.103<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
61.156.42.103<=402	payload:ICMP	ICMP
61.186.97.131<=402	from:168.150.177.165	168.150.177.165:0 => 61.186.97.131:0
61.186.97.131<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
61.186.97.131<=402	payload:ICMP	ICMP
63.87.226.35<=2924	from:168.150.177.165	168.150.177.165:445 => 63.87.226.35:3042
63.87.226.35<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
63.87.226.35<=2924	payload:TCP	TCP
63.90.117.56<=2924	from:168.150.177.165	168.150.177.165:445 => 63.90.117.56:3633
63.90.117.56<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
63.90.117.56<=2924	payload:TCP	TCP
64.148.211.242<=2924	from:168.150.177.165	168.150.177.165:445 => 64.148.211.242:1185
64.148.211.242<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
64.148.211.242<=2924	payload:TCP	TCP
64.201.236.198<=2924	from:168.150.177.165	168.150.177.165:445 => 64.201.236.198:3227
64.201.236.198<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
64.201.236.198<=2924	payload:TCP	TCP
65.114.168.237<=408	from:168.150.177.165	168.150.177.165:0 => 65.114.168.237:0
65.114.168.237<=408	name:ICMP Echo Reply	priority=3class=Misc activity
65.114.168.237<=408	payload:ICMP	ICMP
66.103.174.225<=402	from:168.150.177.165	168.150.177.165:0 => 66.103.174.225:0
66.103.174.225<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
66.103.174.225<=402	payload:ICMP	ICMP
66.35.192.227<=402	from:168.150.177.165	168.150.177.165:0 => 66.35.192.227:0
66.35.192.227<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
66.35.192.227<=402	payload:ICMP	ICMP
68.116.49.23<=2924	from:168.150.177.165	168.150.177.165:445 => 68.116.49.23:60667
68.116.49.23<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
68.116.49.23<=2924	payload:TCP	TCP
68.254.5.217<=2924	from:168.150.177.165	168.150.177.165:445 => 68.254.5.217:4243
68.254.5.217<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
68.254.5.217<=2924	payload:TCP	TCP
68.52.58.192<=408	from:168.150.177.165	168.150.177.165:0 => 68.52.58.192:0
68.52.58.192<=408	name:ICMP Echo Reply	priority=3class=Misc activity
68.52.58.192<=408	payload:ICMP	ICMP
70.20.129.58<=2924	from:168.150.177.165	168.150.177.165:445 => 70.20.129.58:2688
70.20.129.58<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
70.20.129.58<=2924	payload:TCP	TCP
8.173.117.77<=402	from:168.150.177.165	168.150.177.165:0 => 8.173.117.77:0
8.173.117.77<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
8.173.117.77<=402	payload:ICMP	ICMP
8.34.19.235<=402	from:168.150.177.165	168.150.177.165:0 => 8.34.19.235:0
8.34.19.235<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
8.34.19.235<=402	payload:ICMP	ICMP
80.203.220.210<=2924	from:168.150.177.165	168.150.177.165:445 => 80.203.220.210:1662
80.203.220.210<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
80.203.220.210<=2924	payload:TCP	TCP
80.203.220.210<=408	from:168.150.177.165	168.150.177.165:0 => 80.203.220.210:0
80.203.220.210<=408	name:ICMP Echo Reply	priority=3class=Misc activity
80.203.220.210<=408	payload:ICMP	ICMP
80.252.21.163<=402	from:168.150.177.165	168.150.177.165:0 => 80.252.21.163:0
80.252.21.163<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
80.252.21.163<=402	payload:ICMP	ICMP
82.70.205.178<=2924	from:168.150.177.165	168.150.177.165:445 => 82.70.205.178:3745
82.70.205.178<=2924	name:NETBIOS SMB-DS repeated logon failure	priority=1class=Unsuccessful User Privilege Gain
82.70.205.178<=2924	payload:TCP	TCP
82.70.205.178<=3	from:168.150.177.165	168.150.177.165:0 => 82.70.205.178:0
82.70.205.178<=3	name:(portscan) TCP Portsweep	priority=3class=Port Scan
82.70.205.178<=3	payload:PROTO:255	PROTO:255
83.220.74.162<=402	from:168.150.177.165	168.150.177.165:0 => 83.220.74.162:0
83.220.74.162<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
83.220.74.162<=402	payload:ICMP	ICMP
91.156.41.244<=402	from:168.150.177.165	168.150.177.165:0 => 91.156.41.244:0
91.156.41.244<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
91.156.41.244<=402	payload:ICMP	ICMP
95.105.169.35<=402	from:168.150.177.165	168.150.177.165:0 => 95.105.169.35:0
95.105.169.35<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
95.105.169.35<=402	payload:ICMP	ICMP
95.149.33.232<=402	from:168.150.177.165	168.150.177.165:0 => 95.149.33.232:0
95.149.33.232<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
95.149.33.232<=402	payload:ICMP	ICMP
97.76.172.44<=402	from:168.150.177.165	168.150.177.165:0 => 97.76.172.44:0
97.76.172.44<=402	name:ICMP Destination Unreachable Port Unreachable	priority=3class=Misc activity
97.76.172.44<=402	payload:ICMP	ICMP

128 row(s) in set.

Download in other formats:

Plain Text